Home Analyst Portal

How to add https to cireson portal website

Suruchi_BharatiSuruchi_Bharati Customer IT Monkey ✭
We recently upgraded production portal from version 4 to the latest 7.4. After the upgrade i see that portal lost the https setting. I might have missed adding it during the upgrade / install.  What is my easiest way to secure the website by adding https now.  

Answers

  • Brian_WiestBrian_Wiest Customer Super IT Monkey ✭✭✭✭✭
    Setup does not setup https
    I always have to set in IIS
    Update your bindings to map https. 
  • Suruchi_BharatiSuruchi_Bharati Customer IT Monkey ✭
    Brian - can you provide me link to detailed steps for configuring the https. is there a link I can refer to ? Thank you
  • Brian_WiestBrian_Wiest Customer Super IT Monkey ✭✭✭✭✭
    IIS
    Sites
    CiresonPortal
    Bindings
    Add a new binding with https, host name and your cert
  • Tom_HendricksTom_Hendricks Customer Super IT Monkey ✭✭✭✭✭
    edited May 2017
    @Brian_Wiest is 100% correct, but it should be added that your binding will be destroyed each time you run the installer.  Also destroyed: app subfolders, virtual directories.  The installer functions more like uninstall/reinstall than an update.  You will need to either run through these steps again after each install which is not overly burdensome, or script it.

    As a script example:
    # Restore the bindings AFTER the portal update - test to see if the https binding exists first
    if (-Not (Get-WebBinding -Name CiresonPortal | ? { $_.protocol -eq "https" })) {
    Write-Output "SSL Binding removed by Cireson Installer. Restoring Bindings with certificate..."

    try {
    Set-Location IIS:\SslBindings
    New-WebBinding -Name $PortalSiteName -IPAddress * -Port 443 -Protocol "https"

    Write-Output "SSL Binding restored."
    }
    catch {
    Write-Output "ERROR: SSL Binding was not restored! Please add the binding and certificate back to the site manually. Error Details: $Error"
    }
    try {
    #sometimes an error is generated if the binding needed to be restored but the cert is already assigned.
    $Cert | New-Item 0.0.0.0!443
    }
    catch {
    Write-Output "**Potential** Error: The cert could not be added to the SSL binding. This could be because it already exists. Review the following error message for further instruction: $Error"
    }

    # Typically the redirection is wiped out if the binding is also gone.
    Write-Output "Restoring HTTPS Redirect config settings..."
    Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST/CiresonPortal' -filter "system.webServer/rewrite/rules" -name "." -value @{name='HTTPS Redirect';stopProcessing='True'}
    Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST/CiresonPortal' -filter "system.webServer/rewrite/rules/rule[@name='HTTPS Redirect']/match" -name "url" -value "(.*)"

    Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST/CiresonPortal' -filter "system.webServer/rewrite/rules/rule[@name='HTTPS Redirect']/conditions" -name "." -value @{input='{HTTPS}';pattern='OFF'}
    Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST/CiresonPortal' -filter "system.webServer/rewrite/rules/rule[@name='HTTPS Redirect']/action" -name "url" -value "https://{HTTP_HOST}/{R:1}"
    Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST/CiresonPortal' -filter "system.webServer/rewrite/rules/rule[@name='HTTPS Redirect']/action" -name "appendQueryString" -value "False"
    Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST/CiresonPortal' -filter "system.webServer/rewrite/rules/rule[@name='HTTPS Redirect']/action" -name "redirectType" -value "Found"

    # The IIS Session timeout may also be wiped out and replaced with the default 20 minutes. Adjust after all installations.
    Write-Output "Restoring Session Timeout settings"
    Set-ItemProperty $("IIS:\AppPools\" + $PortalAppPool) -Name processModel.idleTimeout -Value ([TimeSpan]::FromMinutes($SessionTimeoutMins))
    Set-WebConfigurationProperty system.web/sessionState $("IIS:\Sites\" + CiresonPortal) -Name timeout -Value ([TimeSpan]::FromMinutes($SessionTimeoutMins))
    }
    else {
    Write-Output "SSL Binding was not removed by installer, so no action was required."
    }


    Notes:
    • $cert, $sessionTimeoutMins, and $PortalAppPool are in need of values below, because I did not grab that part of the script
    • This example assumes that the CiresonPortal is the root of the web server.  Changes to the hostname, IP, paths may be needed depending on your configuration

Sign In or Register to comment.